Conventionally, techniques for configuring or programming an FPGA include encrypting configuration data, and storing the encrypted data in a memory unit within the FPGA or in an external storage device operatively connected with the FPGA. However, typically, the key to encrypt arid decrypt (at the time of FPGA configuration) configuration data is stored internally in a memory unit in the FPGA. Alternatively, the key may be stored externally, and may be passed to the FPGA for configuration through a standard interface, such as the Joint Test Action Group (JTAG) interface. However, both these key management implementations do not provide a sufficiently robust method for confidentiality or authentication of the FPGA key or FPGA-configuration data.
Such key management implementations may be susceptible to an attack by a malicious entity, which may result in an unauthorized access to the FPGA key. The FPGA key may be captured from the unsecured storage unit in the FPGA, or may be captured during an unsecure transfer in the JTAG interface. The captured key may then be used by an adversary to decrypt the FPGA-configuration data and make unauthorized copies. Alternatively, or in addition, the configuration data may be reverse-engineered to understand the functionality of the FPGA, and may be further modified to make the FPGA perform unintended functions.